Professional Documents
Culture Documents
Print 3
Print 3
Abstract
With the decrease in cost of electronic storage media, more and more sensitive
data gets stored in those media. Laptop computers regularly go missing, either
because they are lost or they are stolen. These laptops contain confidential
information, in the form of documents, presentations, emails, cached data, and
network access credentials. This confidential information is typically far more
valuable than the laptop hardware, if it reaches right people. This seminar describes
the most commonly used encryptiol algorithm, Advanced Encryption System (AES)
which is used for many of the confidential data storage methods.
5
Introduction
As the cost of electronic storage declines rapidly, more and more sensitive
data can be stored on media such as hard disks , CDs, and pen drives. Many
computers store data about personal finances, online transactions, tax records,
passwords for bank accounts and emails. All these sensitive information are
vulnerable to theft. Sensitive data may also be leaked accidentally due to improper
disposal or resale of storage media. Ensuring integrity in today’s interconnected
world, however, is exceedingly difficult. The general concept of secure handling of
data is composed of three aspects : confidentiality, integrity, and availability.
Confidentiality involves ensuring that information is not read by unauthorized
persons.
Encryption
Encryption is the process of transforming information (referred to as plaintext)
using an algorithm (called cipher) to make it unreadable to anyone except those
possessing knowledge, usually referred to as a key. The unreadable text created is
known as cipher text. The reverse process is known as decryption. There are two basic
techniques for encrypting information: symmetric encryption (also called secret key
encryption)and asymmetric encryption(also called public key encryption).Symmetric
encryption is the oldest and best-known technique. A secret key, which can be a
number, a word, or just a string of random letters, is applied to the text of a message
to change the content in a particular way. This might be as simple as shifting each
letter by a number of places in the alphabet. As long as both sender and recipient
know the secret key, they can encrypt and decrypt all messages that use this key.
6
AES uses five units of measurements to refer to data: bits, bytes, words,
blocks and state. Bit is a binary digit with a value of 0 or 1. Byte is a group of 8 bits
that can be treated as a single entity, a row matrix (1 x 8) of 8 bits. A word is a group
of 32 bits that can be treated as a single entity, a row matrix of 4 bytes. A block is
group of 128 bits.AES encrypts and decrypts data blocks.AES uses several rounds in
which each round is made of several stages. Data block is transformed from one stage
to another. At the beginning and end of the cipher, AES uses the term data block
before and after each stage, the data block is referred to as a state.
7
Fig 3. shows the structure of each round at the encryption side. Each round
except the last uses four transformations those are invertible. The last round has only
3 transformations. One Add Round Key is applied before the first round. The third
transformation is missing in the last round. At the decryption site, the inverse
transformations are used.
Sub Bytes
The first transformation, Sub Bytes is used at the encryption site. To substitute
a byte, we interpret the byte as two hexadecimal digits. The left digit defines the row
and the right digit defines the column of the substitution table. The two hexadecimal
digits at the junction of the row and the column are the new byte. In the Sub Byte
transformation a state is treated as a 4 x 4 matrix of bytes. Transformation is done one
byte at a time. The content of each byte is changed, but the arrangement of bytes in
the matrix remains the same. Fig 4. Shows this idea.
8
Sub Rows
Shifting is the permutation of bytes. Unlike DES, in which permutation is
done at the bit level, shifting transformation in AES is done at the byte level; the order
of bits in the byte is not changed. The number of shifts depends on the row number(0,
1, 2 or 3)of the state matrix. This means the row 0 is not shifted at all and the last row
is shifted three bytes. Fig 5.shows this idea.
Mix Columns
Mix Columns transformation operates at the column level, it transforms each
column of the state to a new column. The transformation is actually the matrix
multiplication of a state column by a constant square matrix. The bytes in the state
column and constant matrix are interpreted as 8-bit words(or polynomials).
9
FAT
NTFS
These drivers rely on the Storage Device Drivers, which are lower-level
drivers that directly access the storage media. Note that, both UNIX and Windows
storage data paths share almost one-to-one mapping in terms of their internal
structures. Thus, a confidential storage solution designed for one can be generalized to
both platforms.
11
During the boot process the PCRs are used to keep track of the code that
runs.The key used to encrypt the disk is sealed against a particular set of PCR values.
During a normal boot the PCRs reach the s ame values, and the key can be unsealed
by the TPM. If an attacker boots into any other operating system, the machine will be
fully functional but the PCR values will be different and the TPM will not unseal the
key. Thus, other operating systems cannot read the data on the disk, or find out how to
modify the disk to reset the Administrator password.
Encryption Programs
Software encryption programs come in two flavours: generalized encryption
Programs and built-in encryption mechanisms in applications. Generalized encryption
programs can encrypt and decrypt files using a variety of ciphers and encryption
modes; several examples are mcrypt, openssl, and gpg. Many applications also
include cryptographic options to protect the confidentiality of files. Examples include
the text editor vim and Microsoft Office products such as Word and Excel.
13
Other Challenges
When confidential data have to be removed, we must be sure that once
deleted, the data can no longer be restored. A full secure data lifecycle implies that
data is not only stored securely, but deleted in a secure manner as well. However,
typical file deletion (encrypted or not) only removes a file name from its directory or
folder.
The attack model in this seminar assumes that any attacks to recover sensitive
data are staged after the computer has been powered off, so volatile leakage of data
such as buffers, queues, and memory are beyond the scope of this survey.
Conclusion
This seminar took a look at the methods, advantages, and limitations of
confidential storage and deletion methods for electronic media in a non distributed,
single-user environment, with a dead forensic attack model. Confidential data-
handling methods are compared using characteristics associated with confidentiality,
policy, ease-of-use, and performance. Clearly, a combined solution that can store and
remove confidential information should have the following ideal characteristics:
References